HackTheBox - Jail

IppSec · Intermediate ·🔐 Cybersecurity ·8y ago

Skills: Security Basics90%AI Security80%Defensive AI70%Tool Use & Function Calling60%Multi-Agent Systems50%

00:52 - Recon - NMAP 04:05 - Recon - Getting Linux Distro 04:35 - Recon - GoBuster 05:40 - Analyzing Jail.c source 09:45 - Begin Binary Exploitation 15:10 - Verify Buffer Overflow 17:35 - Create Exploit Skeleton 20:50 - Finding EIP Overwrite 23:02 - Adding Reverse TCP Shellcode 30:15 - Switching to "Socket Re-Use" Shellcode 32:20 - Shell Returned 34:00 - NFSv3 Privesc Begin 40:15 - Begin incorrectly playing with SetUID 43:10 - SELinux Escape 45:25 - Using SELinux Escape to copy SSH Key 48:55 - Logging in as Frank 50:00 - Privesc to adm (sudo rvim) 51:44 - Begin of finding a way to root 55:58 - Begin cracking rar file 57:18 - Using Hashcat to generate custom wordlist 60:40 - Cracking with JohnTheRipper 62:30 - RsaCtfTool to exploit weak SSH Pub Key 63:36 - Login as root with SSH Private Key 64:11 - EXTRA CONTENT: Alternative Privesc to ADM (NFS) 65:21 - Creating a directory to give other users NFS Write access 67:30 - Correct way to do SetUID Program 71:04 - Using SetUID Programs to write to disk

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 21 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: Security Basics

View skill →

HackTheBox - Analytics

HackTheBox - Analytics

AWS Security Agent (Preview) Overview - Frontier Agent for Proactive AppSec | Amazon Web Services

AWS Security Agent (Preview) Overview - Frontier Agent for Proactive AppSec | Amazon Web Services

Amazon Web Services

HOW FRCKN' HARD IS IT TO UNDERSTAND A URL?! - uXSS CVE-2018-6128

HOW FRCKN' HARD IS IT TO UNDERSTAND A URL?! - uXSS CVE-2018-6128

Secure Hash Algorithms Using Python- SHA256,SHA384,SHA224,SHA512,SHA1- Hashing In BlockChain

Secure Hash Algorithms Using Python- SHA256,SHA384,SHA224,SHA512,SHA1- Hashing In BlockChain

Bruteforce 32bit Stack Cookie. stack0: part 3 - bin 0x23

Bruteforce 32bit Stack Cookie. stack0: part 3 - bin 0x23

Configure and Deploy AWS Client VPN

Configure and Deploy AWS Client VPN

Related AI Lessons

Stop Storing JWTs in localStorage: A Security Guide for Web Developers

Learn why storing JWTs in localStorage is insecure and how to secure your web application's authentication, which is crucial for protecting user data

Dev.to · Damilola Owolabi

Inside Consumer DVRs — Hardware, Firmware & Network Security Evaluation

Learn about the hardware, firmware, and network security of consumer DVRs through a reverse engineering analysis of the Hikvision DS-7204HUHI-K

Medium · Cybersecurity

Cómo construimos un SOC con honeypot e IA local

Learn how to build a Security Operations Center (SOC) using honeypot and local AI to detect and prevent cyber threats

Dev.to · Yoandy Ramirez Delgado

Credentials in web applications: how to store them properly

Learn how to store credentials properly in web applications to prevent breaches

Dev.to · Ian Johnson

Chapters (27)

0:52 Recon - NMAP

4:05 Recon - Getting Linux Distro

4:35 Recon - GoBuster

5:40 Analyzing Jail.c source

9:45 Begin Binary Exploitation

15:10 Verify Buffer Overflow

17:35 Create Exploit Skeleton

20:50 Finding EIP Overwrite

23:02 Adding Reverse TCP Shellcode

30:15 Switching to "Socket Re-Use" Shellcode

32:20 Shell Returned

34:00 NFSv3 Privesc Begin

40:15 Begin incorrectly playing with SetUID

43:10 SELinux Escape

45:25 Using SELinux Escape to copy SSH Key

48:55 Logging in as Frank

50:00 Privesc to adm (sudo rvim)

51:44 Begin of finding a way to root

55:58 Begin cracking rar file

57:18 Using Hashcat to generate custom wordlist

1:00:40 Cracking with JohnTheRipper

1:02:30 RsaCtfTool to exploit weak SSH Pub Key

1:03:36 Login as root with SSH Private Key

1:04:11 EXTRA CONTENT: Alternative Privesc to ADM (NFS)

1:05:21 Creating a directory to give other users NFS Write access

1:07:30 Correct way to do SetUID Program

1:11:04 Using SetUID Programs to write to disk

A single PR just hijacked the NPM registry...